pam_chauthtok.c revision 115619 
1261320Sdes/*-
298937Sdes * Copyright (c) 2002-2003 Networks Associates Technology, Inc.
398937Sdes * All rights reserved.
498937Sdes *
598937Sdes * This software was developed for the FreeBSD Project by ThinkSec AS and
6180746Sdes * Network Associates Laboratories, the Security Research Division of
798937Sdes * Network Associates, Inc.  under DARPA/SPAWAR contract N66001-01-C-8035
898937Sdes * ("CBOSS"), as part of the DARPA CHATS research program.
998937Sdes *
1098937Sdes * Redistribution and use in source and binary forms, with or without
1198937Sdes * modification, are permitted provided that the following conditions
1298937Sdes * are met:
1398937Sdes * 1. Redistributions of source code must retain the above copyright
1498937Sdes *    notice, this list of conditions and the following disclaimer.
1598937Sdes * 2. Redistributions in binary form must reproduce the above copyright
1698937Sdes *    notice, this list of conditions and the following disclaimer in the
1798937Sdes *    documentation and/or other materials provided with the distribution.
1898937Sdes * 3. The name of the author may not be used to endorse or promote
1998937Sdes *    products derived from this software without specific prior written
2098937Sdes *    permission.
2198937Sdes *
22255670Sdes * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
23261320Sdes * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
2498937Sdes * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
2598937Sdes * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
2698937Sdes * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
2798937Sdes * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
2898937Sdes * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
2998937Sdes * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
3098937Sdes * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
3198937Sdes * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
3298937Sdes * SUCH DAMAGE.
3398937Sdes *
3498937Sdes * $P4: //depot/projects/openpam/lib/pam_chauthtok.c#16 $
3598937Sdes */
3698937Sdes
37261320Sdes#include <sys/param.h>
38261320Sdes
39261320Sdes#include <security/pam_appl.h>
4098937Sdes
4198937Sdes#include "openpam_impl.h"
4298937Sdes
43261320Sdes/*
44261320Sdes * XSSO 4.2.1
45261320Sdes * XSSO 6 page 38
4698937Sdes *
4798937Sdes * Perform password related functions within the PAM framework
4898937Sdes */
4998937Sdes
5098937Sdesint
51261320Sdespam_chauthtok(pam_handle_t *pamh,
52261320Sdes	int flags)
53261320Sdes{
5498937Sdes	int r;
5598937Sdes
5698937Sdes	ENTER();
5798937Sdes	if (flags & ~(PAM_SILENT|PAM_CHANGE_EXPIRED_AUTHTOK))
5898937Sdes		RETURNC(PAM_SYMBOL_ERR);
5998937Sdes	r = openpam_dispatch(pamh, PAM_SM_CHAUTHTOK,
60261320Sdes	    flags | PAM_PRELIM_CHECK);
61261320Sdes	if (r == PAM_SUCCESS)
62261320Sdes		r = openpam_dispatch(pamh, PAM_SM_CHAUTHTOK,
6398937Sdes		    flags | PAM_UPDATE_AUTHTOK);
6498937Sdes	pam_set_item(pamh, PAM_OLDAUTHTOK, NULL);
6598937Sdes	pam_set_item(pamh, PAM_AUTHTOK, NULL);
66261320Sdes	RETURNC(r);
67261320Sdes}
68261320Sdes
6998937Sdes/*
7098937Sdes * Error codes:
7198937Sdes *
7298937Sdes *	=openpam_dispatch
7398937Sdes *	=pam_sm_chauthtok
74261320Sdes *	!PAM_IGNORE
75261320Sdes *	PAM_SYMBOL_ERR
76261320Sdes */
7798937Sdes
7898937Sdes/**
7998937Sdes * The =pam_chauthtok function attempts to change the authentication token
8098937Sdes * for the user associated with the pam context specified by the =pamh
8198937Sdes * argument.
82 *
83 * The =flags argument is the binary or of zero or more of the following
84 * values:
85 *
86 *	=PAM_SILENT:
87 *		Do not emit any messages.
88 *	=PAM_CHANGE_EXPIRED_AUTHTOK:
89 *		Change only those authentication tokens that have expired.
90 *
91 * If any other bits are set, =pam_chauthtok will return =PAM_SYMBOL_ERR.
92 */
93